NioZow / ImperiumLinks
A C++/Asm template for PIC/EXE/DLL malware
☆24Updated 6 months ago
Alternatives and similar repositories for Imperium
Users that are interested in Imperium are comparing it to the libraries listed below
Sorting:
- ☆42Updated 11 months ago
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.☆33Updated last year
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆81Updated 7 months ago
- Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a…☆92Updated 7 months ago
- Fast covert timing channel communication for inter-process and inter-processor communication on Windows systems.☆67Updated 2 months ago
- Reimplementation of the KExecDD DSE bypass technique.☆58Updated last year
- In-memory hiding technique☆63Updated last year
- ☆60Updated 3 months ago
- Exploiting the KsecDD Windows driver through Server Silos☆76Updated last year
- Minimalistic HTTP(S) client for the NT kernel☆61Updated 2 months ago
- Callstack spoofing using a VEH because VEH all the things.☆23Updated 10 months ago
- A cross-platform C++ framework for building Windows shellcode☆81Updated this week
- Set the process mitigation policy for loading only Microsoft Modules , and block any userland 3rd party modules☆43Updated 2 years ago
- Research into removing strings & API call references at compile-time (Anti-Analysis)☆28Updated last year
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆53Updated last year
- A PoC tool for exploiting leaked process and thread handles☆32Updated last year
- shell code example☆67Updated 2 months ago
- This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCr…☆63Updated 2 years ago
- Remap ntdll.dll using only NTAPI functions with a suspended process☆27Updated 9 months ago
- Demonstrates consuming from a SecurityTrace ETW session by consuming from the Threat-Intelligence ETW provider without a driver or PPL pr…☆63Updated 3 weeks ago
- a demo module for the kaine agent to execute and inject assembly modules☆41Updated last year
- ☆35Updated 2 years ago
- A powerful Windows UI monitoring and DNS exfiltration tool written in Rust, combining advanced UI event capture capabilities with secure …☆19Updated 11 months ago
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆64Updated 2 years ago
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆73Updated 9 months ago
- Check if your AV/EDR does inline hooking, displays the hooked functions and allows you to compare them with the original ones.☆36Updated 9 months ago
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆45Updated this week
- Your NTDLL vaccine from modern direct syscall methods.☆36Updated 3 years ago
- ☆90Updated last year
- Next gen process injection technique☆54Updated 5 years ago